Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86f61b6c by security tracker role at 2023-11-20T20:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,116 @@
+CVE-2023-6197 (The Audio Merchant plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2023-6196 (The Audio Merchant plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2023-6045 (in OpenHarmony v3.2.2 and prior versions allow a local attacker 
arbitr ...)
+       TODO: check
+CVE-2023-5799 (The WP Hotel Booking WordPress plugin before 2.0.8 does not 
have prope ...)
+       TODO: check
+CVE-2023-5652 (The WP Hotel Booking WordPress plugin before 2.0.8 does not 
have autho ...)
+       TODO: check
+CVE-2023-5651 (The WP Hotel Booking WordPress plugin before 2.0.8 does not 
have autho ...)
+       TODO: check
+CVE-2023-5640 (The Article Analytics WordPress plugin does not properly 
sanitise and  ...)
+       TODO: check
+CVE-2023-5610 (The Seraphinite Accelerator WordPress plugin before 2.2.29 does 
not va ...)
+       TODO: check
+CVE-2023-5609 (The Seraphinite Accelerator WordPress plugin before 2.2.29 does 
not sa ...)
+       TODO: check
+CVE-2023-5593 (The out-of-bounds write vulnerability in the Windows-based 
SecuExtende ...)
+       TODO: check
+CVE-2023-5509 (The myStickymenu WordPress plugin before 2.6.5 does not 
adequately aut ...)
+       TODO: check
+CVE-2023-5343 (The Popup box WordPress plugin before 3.7.9 does not sanitise 
and esca ...)
+       TODO: check
+CVE-2023-5340 (The Five Star Restaurant Menu and Food Ordering WordPress 
plugin befor ...)
+       TODO: check
+CVE-2023-5140 (The Bonus for Woo WordPress plugin before 5.8.3 does not 
sanitise and  ...)
+       TODO: check
+CVE-2023-5119 (The Forminator WordPress plugin before 1.27.0 does not properly 
saniti ...)
+       TODO: check
+CVE-2023-4970 (The PubyDoc WordPress plugin through 2.0.6 does not sanitise 
and escap ...)
+       TODO: check
+CVE-2023-4824 (The WooHoo Newspaper Magazine theme does not have CSRF check in 
place  ...)
+       TODO: check
+CVE-2023-4808 (The WP Post Popup WordPress plugin through 3.7.3 does not 
sanitise and ...)
+       TODO: check
+CVE-2023-4799 (The Magic Embeds WordPress plugin through 3.0.10 does not 
validate and ...)
+       TODO: check
+CVE-2023-48309 (NextAuth.js provides authentication for Next.js. `next-auth` 
applicati ...)
+       TODO: check
+CVE-2023-48300 (The `Embed Privacy` plugin for WordPress that prevents the 
loading of  ...)
+       TODO: check
+CVE-2023-48293 (The XWiki Admin Tools Application provides tools to help the 
administr ...)
+       TODO: check
+CVE-2023-48292 (The XWiki Admin Tools Application provides tools to help the 
administr ...)
+       TODO: check
+CVE-2023-48241 (XWiki Platform is a generic wiki platform. Starting in version 
6.3-mil ...)
+       TODO: check
+CVE-2023-48240 (XWiki Platform is a generic wiki platform. The rendered diff 
in XWiki  ...)
+       TODO: check
+CVE-2023-48223 (fast-jwt provides fast JSON Web Token (JWT) implementation. 
Prior to v ...)
+       TODO: check
+CVE-2023-48221 (wire-avs provides Audio, Visual, and Signaling (AVS) 
functionality sur ...)
+       TODO: check
+CVE-2023-48218 (The Strapi Protected Populate Plugin protects `get` endpoints 
from rev ...)
+       TODO: check
+CVE-2023-48111 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)
+       TODO: check
+CVE-2023-48110 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap 
overflow via th ...)
+       TODO: check
+CVE-2023-48109 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap 
overflow via th ...)
+       TODO: check
+CVE-2023-48090 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory 
leaks in ...)
+       TODO: check
+CVE-2023-48039 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory 
leak in  ...)
+       TODO: check
+CVE-2023-47772 (Contributor+Stored Cross-Site Scripting (XSS) vulnerability in 
Slider  ...)
+       TODO: check
+CVE-2023-47417 (Cross Site Scripting (XSS) vulnerability in the component 
/shells/embe ...)
+       TODO: check
+CVE-2023-47217 (in OpenHarmony v3.2.2 and prior versions allow a local 
attacker cause  ...)
+       TODO: check
+CVE-2023-46990 (Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e 
allows a ...)
+       TODO: check
+CVE-2023-46705 (in OpenHarmony v3.2.2 and prior versions allow a local 
attacker causes ...)
+       TODO: check
+CVE-2023-46100 (in OpenHarmony v3.2.2 and prior versions allow a local 
attacker get se ...)
+       TODO: check
+CVE-2023-43612 (in OpenHarmony v3.2.2 and prior versions allow a local 
attacker arbitr ...)
+       TODO: check
+CVE-2023-42774 (in OpenHarmony v3.2.2 and prior versions allow a local 
attacker get co ...)
+       TODO: check
+CVE-2023-3116 (in OpenHarmony v3.2.2 and prior versions allow a local attacker 
get co ...)
+       TODO: check
+CVE-2023-38885 (OpenSIS Classic Community Edition version 9.0 lacks cross-site 
request ...)
+       TODO: check
+CVE-2023-38884 (An Insecure Direct Object Reference (IDOR) vulnerability in 
the Commun ...)
+       TODO: check
+CVE-2023-38883 (A reflected cross-site scripting (XSS) vulnerability in the 
Community  ...)
+       TODO: check
+CVE-2023-38882 (A reflected cross-site scripting (XSS) vulnerability in the 
Community  ...)
+       TODO: check
+CVE-2023-38881 (A reflected cross-site scripting (XSS) vulnerability in the 
Community  ...)
+       TODO: check
+CVE-2023-38880 (The Community Edition version 9.0 of OS4ED's openSIS Classic 
has a bro ...)
+       TODO: check
+CVE-2023-38879 (The Community Edition version 9.0 of OS4ED's openSIS Classic 
allows re ...)
+       TODO: check
+CVE-2023-38823 (Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 
v.1.0, AC ...)
+       TODO: check
+CVE-2023-36013 (PowerShell Information Disclosure Vulnerability)
+       TODO: check
+CVE-2023-35762 (Versions of INEA ME RTU firmware 3.36b and prior are 
vulnerable to ope ...)
+       TODO: check
+CVE-2023-29155 (Versions of INEA ME RTU firmware 3.36b and prior do not 
require authen ...)
+       TODO: check
 CVE-2023-47175 (Cross-site scripting vulnerability in LuxCal Web Calendar 
prior to 5.2 ...)
        NOT-FOR-US: LuxCal Web Calendar
 CVE-2023-46700 (SQL injection vulnerability in LuxCal Web Calendar prior to 
5.2.4M (My ...)
        NOT-FOR-US: LuxCal Web Calendar
 CVE-2023-3379 (Wago web-based management of multiple products has a 
vulnerability whi ...)
        NOT-FOR-US: Wago
-CVE-2023-46302
+CVE-2023-46302 (Apache Software Foundation Apache Submarine has a bug when 
serializing ...)
        NOT-FOR-US: Apache Submarine
 CVE-2023-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Lukman 
Nakib Preloa ...)
        NOT-FOR-US: WordPress plugin
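
Review bot: The entries added from CVE-2023-6197 down to CVE-2023-29155 all still need a triage decision in place of "TODO: check", and a large share of them are described as WordPress plugins or themes, for which the file already has an established form: the context line for CVE-2023-47685 uses "NOT-FOR-US: WordPress plugin". Resolving those in one pass would leave a much shorter list (GPAC, XWiki, fast-jwt, NextAuth.js and similar) that actually needs a lookup against the archive. The CVE-2023-46302 change keeps its existing "NOT-FOR-US: Apache Submarine" line, so it needs no follow-up.
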
@@ -62660,8 +62766,7 @@ CVE-2022-4208 (The Chained Quiz plugin for WordPress is 
vulnerable to Reflected
        NOT-FOR-US: Chained Quiz plugin for WordPress
 CVE-2022-41985 (An authentication bypass vulnerability exists in the 
Authentication fu ...)
        NOT-FOR-US: uC-FTPs
-CVE-2022-46337
-       RESERVED
+CVE-2022-46337 (A cleverly devised username might bypass LDAP authentication 
checks. I ...)
        - derby <unfixed>
        NOTE: https://issues.apache.org/jira/browse/DERBY-7147
        NOTE: https://www.openwall.com/lists/oss-security/2023/11/19/3
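
Review bot: CVE-2022-46337 now carries a public description of an LDAP authentication bypass, yet the "- derby <unfixed>" line below it records no fixed upstream version. A NOTE naming that version, taken from the DERBY-7147 issue or the oss-security post already linked here, would let the entry be closed as soon as a fixed upload exists.
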
@@ -189760,8 +189865,8 @@ CVE-2021-27431 (ARM CMSIS RTOS2 versions prior to 
2.1.3 are vulnerable to intege
        NOT-FOR-US: ARM CMSIS RTOS2
 CVE-2021-27430 (GE UR bootloader binary Version 7.00, 7.01 and 7.02 included 
unused ha ...)
        NOT-FOR-US: General Electric Universal Relays
-CVE-2021-27429
-       RESERVED
+CVE-2021-27429 (Texas Instruments TI-RTOS returns a valid pointer to a small 
buffer on ...)
+       TODO: check
 CVE-2021-27428 (GE UR IED firmware versions prior to version 8.1x supports 
upgrading f ...)
        NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27427 (RIOT OS version 2020.01.1 is vulnerable to integer wrap-around 
in its  ...)
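
Review bot: CVE-2021-27429 goes from "RESERVED" to "TODO: check" and still needs triage; its neighbours in this hunk, CVE-2021-27431 (ARM CMSIS RTOS2) and CVE-2021-27430 (GE UR bootloader), are both marked NOT-FOR-US. If TI-RTOS is likewise not in the archive, the same tag with the product name would settle it.
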
@@ -201494,8 +201599,8 @@ CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and 
prior is vulnerable to an ou
        NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22637 (Multiple stack-based buffer overflow issues have been 
identified in th ...)
        NOT-FOR-US: Fuji Electric
-CVE-2021-22636
-       RESERVED
+CVE-2021-22636 (Texas Instruments TI-RTOS, when configured to use HeapMem 
heap(default ...)
+       TODO: check
 CVE-2021-22635
        RESERVED
 CVE-2021-22634
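
Review bot: CVE-2021-22636 is the second Texas Instruments TI-RTOS entry in this commit left at "TODO: check" (the other is CVE-2021-27429), so the two should be triaged together and given the same product string. That keeps later searches of the list from finding only one of them.
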



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86f61b6c4d958f1410ff6000eab6ea4f5d9309ee



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits